In order to preserve user privacy we have sanitized the trace data using modified
version of Vern Paxson's sanitize scripts. The sanitize
scripts strip packet contents and translate IP addresses into numbers
positionally (i.e. the first IP address seen will be translated into
number 1, etc.) so that reverse translation is not possible. The
modification we added preserves "address to number" mapping accross trace
files (i.e. IP address x will be mapped to same number n in all trace
files). Directory sanitize contains these
modified scripts.

We stored sanitized trace files in three directories:

tcp

- tcp packet information

udp

- udp packet information

other

- information about packets that are not tcp, udp or encapsulated IP (IP-IP) and that are not local packets (such as ARP).

Each of these directories contains traces divided into several files whose size is no larger than 6.2MB for easy download. Here is the form of trace data for different packet types:

These traces were generated by running tfn attack tool on our test machines, at
tacking another test machine. Simultaneously, some
legitimate traffic may exist. Traces were recorded on the link between the rout
er and the victim mechine.